EP2175455B1 - Verfahren für den kontrollierten Zugriff auf eine Speicherkarte und Speicherkarte - Google Patents
Verfahren für den kontrollierten Zugriff auf eine Speicherkarte und Speicherkarte Download PDFInfo
- Publication number
- EP2175455B1 EP2175455B1 EP08017900A EP08017900A EP2175455B1 EP 2175455 B1 EP2175455 B1 EP 2175455B1 EP 08017900 A EP08017900 A EP 08017900A EP 08017900 A EP08017900 A EP 08017900A EP 2175455 B1 EP2175455 B1 EP 2175455B1
- Authority
- EP
- European Patent Office
- Prior art keywords
- time
- memory card
- control unit
- time information
- terminal
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims description 26
- 238000004891 communication Methods 0.000 description 9
- 230000006870 function Effects 0.000 description 5
- 230000007246 mechanism Effects 0.000 description 5
- 238000010295 mobile communication Methods 0.000 description 5
- 238000007726 management method Methods 0.000 description 4
- 230000005540 biological transmission Effects 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 3
- 238000012795 verification Methods 0.000 description 3
- 238000013475 authorization Methods 0.000 description 2
- 230000001413 cellular effect Effects 0.000 description 2
- 230000001419 dependent effect Effects 0.000 description 2
- 238000004364 calculation method Methods 0.000 description 1
- 238000006243 chemical reaction Methods 0.000 description 1
- 238000013523 data management Methods 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 239000000284 extract Substances 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
- G06F21/79—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06K—GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
- G06K19/00—Record carriers for use with machines and with at least a part designed to carry digital markings
- G06K19/06—Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
- G06K19/067—Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2151—Time stamp
Definitions
- the invention relates to memory cards with access protection. More specifically, the invention is related to a method for verifying access to data securely stored on such a memory card. Moreover, the invention is related to a memory card for securely storing data.
- Memory cards are integrated circuit (IC) cards including non-volatile memory and a controller, which controls the operation of the memory card.
- Such memory cards can be temporarily connected to host devices, such as, for example, personal computers (PCs), cellular telephones, personal digital assistants (PDAs), digital cameras, portable audio players and other host electronic devices for storage of data.
- PCs personal computers
- PDAs personal digital assistants
- SD Secure Digital
- CF Compact Flash
- MMCs Multimedia Cards
- Memory cards of the type described before may provide a security mechanism for protecting data from unauthorized access. This allows for storing sensitive data in the memory card, such as, for example, banking details of the card owner, medical data of the card owner and personal photographs or other personal data.
- the card owner may access the data using a credential, such as, for example, a password.
- a credential such as, for example, a password.
- the user may wish to make the protected data accessible for other persons in some situations. For instance, the card owner may wish to allow his doctor to read protected medical data stored in the memory card or to make personal photos available to a friend.
- WO 2005/039218 discloses a method for protecting data on a data carrier which can be connected to a terminal device. Based on access conditions stored in the data carrier a judging unit of the data carrier judges whether or not the terminal device is authorized to access data stored in the data carrier.
- the access conditions includes one or more sets of period information, each period information indicating a time period available for the corresponding to access the data.
- the judging unit extracts the access available time period and furthermore acquires the date information from a date management unit. Then, the judging unit judges whether or not the current time indicated by the data information is within the access available time period.
- the data management unit is likewise included in the controller of the data carrier and manages date information indicating the current date.
- the invention suggests a method for providing access to data securely stored in memory card.
- the method comprises the following steps:
- the invention suggests a memory card for securely storing data therein.
- the memory card is adapted to receive first time information corresponding to a time period and to store the first time information.
- the memory card comprises a control unit configured to determine, whether the time period has lapsed, and to allow a terminal to access the data unless it is determined that the time period has lapsed, while the memory card is inserted in the terminal.
- the invention allows the card owner to specify first time information corresponding to a time period in which the protected data stored in the memory card can be accessed by a person by means of a terminal.
- the card owner may specify the first time information before handing over the memory card to the other person.
- first time information corresponding to a suitable short time period it can be prevented that unauthorized third parties can access the protected data after the authorized person has accessed the data.
- access to the protected data can be limited to selected persons in secure way.
- the access to the protected data can be allowed without having to provide a credential, such as, for example, a password.
- a credential such as, for example, a password.
- this makes access to the data easier for another person, since this person does not have to receive a credential for unlocking the memory card.
- it is ensured that a person cannot access the protected data without the card owner's permission when he obtains the memory card a second time. If a credential was used for protecting the data, a person could use the credential he already received together with the card in the past when obtaining the memory card a second time.
- the terminal allows the control unit to connect to a clock unit arranged external to the memory card and to retrieve from the clock unit second time information specifying a current time, said second time information being used to determine, whether the time period has lapsed.
- This embodiment has the advantage that the memory card does not have to include a clock unit so that the complexity of the memory card can be reduced.
- the clock unit is comprised in a network server and the control unit connects to a network server via a network connection provided by the terminal to retrieve the second time information from the clock unit.
- Retrieving the second time information from a network server has the advantage that confidential time information can be used, which are generated out of the sphere of influence of the person to which the memory card is handed over. This reduces the risk of fraudulent use of the memory card.
- the second time information retrieved from the network server may be tampered with.
- the second time information may be manipulated during their transmission to the memory card or a request of the time information may be redirected to another server in order to provide manipulated time information.
- one embodiment of the method and the memory card comprises that the time information retrieved from the clock unit comprises authentication information, particularly a digital signature, which is verified in the control unit.
- the first time information specifies a point in time and the control unit determines, whether the time period has lapsed, based on a time difference between the specified point in time and the current time specified in the second time information.
- the card owner can advantageously specify a point in time, i.e. an absolute time, up to which the memory card can be accessed by another person using the terminal. This allows the card owner to control when the other person accesses the memory card. By specifying a near point in time, the card owner can prevent that an unauthorised person can access the memory card after the possession of the card devolved to him from the authorized person that received the card from the card owner.
- control unit repeatedly retrieves second time information form the clock unit while the memory card is inserted in the terminal and the control unit determines, whether the time period has lapsed, each time after second time information has been retrieved.
- control unit determines that the time period has lapsed when a time counter in the memory card indicates that the time difference has lapsed, said time counter being started after the memory card has been inserted into the terminal.
- This embodiment has the advantage that the second time information has to be retrieved only once. In particular, this reduces the number of accesses to the network time server so that the server load and the network load are reduced.
- a further embodiment of the method and the device comprises that the first time information specifies the time period.
- a defined time period is provided in which a person can access the memory card by means of the terminal irrespective of the point in time or absolute time when the person accesses the card.
- the person accessing the memory card is more flexible in choosing the point in time for accessing the card.
- control unit determines that the time period has lapsed when a time counter in the memory card indicates that the time period has lapsed, said time counter being started after the memory card has been inserted into the terminal.
- the control unit stores the time specified in the second time information when it retrieves the second information for the first time, the control unit repeatedly retrieves second time information from the clock unit, and the control unit determines, whether the time period has lapsed, based on a comparison of the time period and a time difference between the stored time and the current time specified in the lastly retrieved second time information.
- a system comprising a memory card of the type described before and further comprising a terminal for receiving the memory card.
- Figure 1 schematically depicts elements of a system for controlling access to data stored in a memory card 102.
- the memory card 102 stores sensitive data of the card owner.
- the owner can make such data accessible to authorized persons, while unauthorized third parties are prevented from accessing the data.
- the data may be any data the owner wants to share with selected persons.
- the data are medical data of the owner, which the owner wishes to share only with a doctor.
- banking details the owner wishes to provide only to trustworthy persons.
- personal data are concerned, such as, for example, personal photos, the owner wants to share only with friends.
- the memory card 102 comprises a memory 104 and a microcontroller 106 integrated into a housing.
- the housing may be small enough so that the owner can carry the memory card 102 easily and that the memory card 102 can also be used in connection with card readers, which are integrated into small devices, such as, for example, mobile communication devices.
- the memory card 102 is configured according to a standard format and may be an SD card, a CF card, an MMC or the like.
- Another example of a memory card format in sense of this disclosure is a USB flash memory device.
- the standard format may particularly specify the size and shape of the memory card 102, the configuration of its electric contacts and the communication protocols used in the communication with the memory card 102.
- the standard compliance of the memory card 102 allows the card to be accessed by means of card reader device, which is likewise compliant with the standard.
- the memory 104 is a non volatile storage that can be electrically erased and reprogrammed.
- the memory 104 may be configured as a solid state storage unit, particularly a flash memory or a non-flash EEPROM (Electrically Erasable Programmable Read-Only Memory).
- EEPROM Electrically Erasable Programmable Read-Only Memory
- the memory 104 may be constituted by one or more memory chips, which are arranged in the housing of the memory card 102.
- the microcontroller 106 and the memory 104 may reside on one single chip within the memory card 102 or the microcontroller may be a separate chip connected to the memory 104.
- the microcontroller 106 provides functionality for accessing the memory 104 by means of devices to which the memory card 102 is connected.
- the microcontroller 106 implements the communication protocols used for the data exchange between the memory card 102 and a connected device.
- At least the part of the data content of the memory 104 comprising the sensitive data of the owner is protected against unauthorized access, i.e. the unauthorized reading, deleting and manipulating of the protected data.
- the microcontroller 106 provides a control unit controlling the data storage to and data retrieval from the memory 104. Each attempt to access the protected data stored in the memory 104 is either allowed or denied by the control unit.
- the control unit is implemented as a software program, which is run on the microcontroller 106 of the memory card 102.
- a group management may optionally be provided. This means that different groups of protected data are stored in the memory card 102, where different access authorisations can be configured for the groups.
- the groups may be stored in different areas of the memory 104 or the data files contained in the different groups may be identified in another way.
- the groups are managed in the control unit.
- the group management allows for storing in the same memory card 102 data the owner wants to share with different people. For instance, the owner can store health data for sharing with his or her doctor and data for sharing with friends on the same memory card 102.
- a card reader unit 108 For accessing the protected data stored in the memory card 102, a card reader unit 108 is used, which is coupled to a terminal 110 of the person who wants to access the protected data.
- the card reader unit 108 may be integrated into the terminal 110 as it is depicted in figure 1 , or the card reader unit 108 may be a separate unit connected to the terminal 110.
- the terminal 110 is connected to a communication network 112, which connects the terminal 110 to a time server 116.
- the communication network 112 is the Internet.
- the communication network 112 may also be configured as another network allowing a data exchange between the terminal 110 and the time server 116, such as, for example, a mobile communication network.
- the terminal 110 can be connected thereto via a mobile communication network, for instance.
- the terminal 110 may be a personal computer or another stationary device, including a dedicated stationary terminal.
- the terminal 110 is configured as a handheld device, which may be a dedicated device or a general purpose device, such as, for example, a mobile communication device.
- the time server 116 includes a clock unit, which measures the current absolute time.
- the clock unit provides a high accuracy with only small deviations from the correct time.
- the time server 116 is preferably protected from being tampered by suitable means.
- the owner of the memory card 102 also disposes of a device 114 comprising a card reader unit 118 for receiving the memory card 102.
- the device 114 is utilised for preparing the memory card 102 before it can be accessed by means of the terminal 110. Therefore, the device 114 preferably is a portable device, which can be carried by the user easily.
- the device 114 For allowing the card owner to operate the device 114, it comprises a display unit 120, such as, for example, a monitor, and an input unit 122, such as, for example, a keypad.
- the operation of the device 114 is controlled by means of a microprocessor 124.
- the microprocessor 124 is coupled to the card reader unit 118, the display unit 120 and the input unit 122.
- the microprocessor 124 is coupled to a memory unit 126 for storing software programs that are executed in the microprocessor 124 and for storing further data used in the operation of the device 114.
- the device 114 may be a device dedicated to the functions described herein. However, it is preferred to use a device 114, which the card owner usually already carries so that he does not have to carry a further device.
- An example of a device 114, which can be utilized within the scope of the invention and which is already carried by the card owner is a mobile communication device, such as, for example, a cellular phone, a PDA or the like.
- the owner of the memory card 102 wishes to make his protected data accessible to the user of the terminal 110, he inserts the memory card 102 into the card reader unit 118 of his device 114.
- the device 114 provides a function which allows the user to specify a point in time up to which the protected data stored in the memory card 102 is to be made accessible.
- the card owner may specify a time period during which the protected data stored in the memory card 102 is to be made accessible.
- the point in time up to which the protected data is accessible is calculated from the specified time period using the current time, which is available in the device 114. It should be noted that the time period the card owner specifies calculates starting at the time when it is entered into the device 114.
- the function for specifying the point in time is implemented in the form of software application which is executed in the microprocessor of the device 114.
- the user may specify the point in time or the time period using the input unit 122 and the application may provide a graphical user interface at the display unit 120 to allow for an easy and convenient operation.
- the function is provided by the memory card 102 itself.
- the memory card 102 may comprise a web server enabling the memory card 102 to provide web pages which can be accessed by means of a web browser.
- SCWS smartcard web server
- This technology which allows for integrating web servers into smartcards, can be adapted to the memory card 102, which is a particular smartcard.
- the web server of the memory card 102 may provide a web page which is accessed by means of a browser software of the device 114.
- the web page may be displayed at the display unit 120 and the user may input the point in time or the time period till the point in time using the input unit 122 of the device 114. If the user specifies a time period, the control unit may calculate the point in time based on the current time, which may be provided by the clock of the device 114.
- the card owner may start the procedure of specifying the point in time or the time period by starting the corresponding software application. This may be done when the card owner intends to hand the memory card 102 over for reading the data in the near future and when he knows how much time the acceptor needs to read the protected data.
- the user may specify the point in time or the time period at the acceptor's site directly before he hands over the memory card 102 to the acceptor.
- the device 114 is portable.
- the control unit After the card owner has specified the point in time or the point in time has been calculated from the time period specified by the card owner, the control unit checks the authorisation of the card owner. For this purpose, the device 114 forwards a credential to the memory card 102. Then, the control unit verifies the credential.
- the credential may include a user name and/or a secret password or a PIN (Personal Identification Number).
- the credential may be passed to the control unit of the memory card 102 together with the point in time or time period.
- the credential is entered by the card owner, or the credential is securely stored in the device 114 and forwarded to the memory card 102 together with the point in time or time period.
- control unit does not allow to store the point in time in the memory card 102.
- the control unit After having successfully verified the credential, the point in time specified by the card owner or calculated from a time period specified by the card owner, the control unit securely stores the point in time in the memory card 102.
- control unit In order to allow the card owner to access the protected data without setting a time limit, it may be provided that the control unit also allows access to the protected data based on a successful verification of the credential.
- the card owner hands over the memory card 102 to the acceptor.
- the card owner may be informed about the successful storage of the point in time by presenting a corresponding message, which is generated in the control unit, at the display unit 120 of his device 114.
- the acceptor inserts the memory card 102 into the card reader unit 108 of the terminal 110.
- the control unit retrieves time information from the time server 116.
- Information for establishing a connection to the time server 116 such as the network address of the time server 116, is securely stored in the memory card 102.
- the data exchange between the control unit and the time server 116 may be based on the HTTP (Hypertext Transfer Protocol).
- HTTP Hypertext Transfer Protocol
- a "continuous" connection between the memory card 102 and the time server 116 may be established via the terminal 110 using the HTTP. This means, that a protocol conversion of the control unit's request for providing time information and of the answer of the time server 116 can be dispensed with.
- the time information provided by the time server 116 specifies the current time as measured in the time server 116. Furthermore, the time information is cryptographically secured in such a way that a recipient can verify that the time information originates from the time server 116 and that the time information was not modified during transmission to the recipient. In order to achieve this, the time information is encrypted using a secret encryption key of the time server 116. As an alternative the time information includes a digital signature of the time server 116, i.e. a check value, which is derived from the content of the information and encrypted using the secret key of the time server 116.
- the secret encryption key is part of an asymmetric key pair further including a public decryption key for decrypting data, which has been encrypted using the secret encryption key.
- the public decryption key of the time server 116 is securely stored in the memory card 102.
- the secure storage prevents the key from being replaced by another key.
- the control unit verifies the authenticity of the time information. For this purpose, the control unit decrypts the time information or the digital signature with the public encryption key thereby verifying the authenticity and integrity of the time information. If a digital signature is used, the control unit decrypts the check value thereby confirming that the time information originates from the time server 116. Then, the time control unit compares the check value to a self-generated check value and determines that the time information is unaltered, if both check values match.
- the memory card 102 may a digital signature of the memory card 102 into requests transmitted to the time server 116, which may be returned together with the time information.
- the digital signature may be generated using a secret key allocated to the memory card 102, and when receiving the time information, the memory card may verify the digital signature using the secret key or a decryption key allocated to the secret key. When the digital signature is successfully verified, it is ensured that the time information originates from the time server, to which the request has been sent.
- the verification of the digital signature may be part of the verification of the authenticity of the time information.
- the control unit denies access to the protected data stored in the memory card 102. After the authenticity and integrity of the time information has been validated successfully, the control unit compares the time information with the point in time that was specified by the card owner and that is stored in the memory card 102. If this point in time follows the point in time specified in the time information received from the time server 116, the control unit allows accessing the protected data stored in the memory card 102 by means of the terminal 110.
- control unit After the control unit has allowed access to the protected data, it determines when the point in time specified by the card owner is reached. If it is determined that the point in time is reached, the control unit locks the protected data again, i.e., the control unit prevents any further access to the data. The protected data are being locked even when the memory card 102 is still inserted into the card reader 108 of the terminal 110.
- the control unit may repeatedly retrieve time information.
- the control unit may retrieve the time information in regular, predetermined time intervals, which are not too long so that the user of the terminal 110 does not have access to the protected information significantly later than the stored point in time.
- Each time the control unit retrieves time information from the time server 116 it compares the time specified in the time information with the stored point in time and unlocks the protected data when the stored point in time is no longer in the future relative to the current time as specified in the time information retrieved from the time server 116.
- the control unit may also lock the protected data, if the time information received from the time server 116 cannot be verified successfully.
- the control unit preferably also locks the protected data, if time information cannot be retrieved from the time server 116, since in this case, the control unit is not able to determine, whether the point of time specified by the card owner has been reached.
- control unit only retrieves time information from the time server 116 once, after the memory card 102 has been inserted into the terminal 110, and calculates a difference between the time indicated by the time server 116 and the point in time specified by the card owner. Then, the control unit starts a time counter. When a counter value corresponding to the calculated time difference has been reached, the control unit determines that the time period corresponding to the calculated difference is lapsed and locks the protected data again against access from outside the memory card 102.
- time information provided by the time server 116 and received in the memory card 102 is stored in the memory card 102. Every time the control unit receives new time information from the time server 116 it checks whether the new time information specify a later time than the time information received before. If this is not the case, manipulated time information has been received and the protected data is locked. This procedure is particularly useful, if the control unit repeatedly retrieves time information from the time server 116 in order to determine whether the protected data is to be locked again. However, it can also be provided that the control unit compares the time information of one access interval with the time information retrieved in the following access interval in order to detect fraud, which is also possible when the control unit retrieves time information only for one time during an access interval.
- the term access interval refers to one contiguous time interval, in which access to the protected data is allowed and which is initiated by specifying a point in time up to which the protected data is accessible.
- the control unit stores the time information it retrieves from the time server 116 when the memory card 102 has been inserted into the terminal 110. While the memory card 102 is inserted into the terminal 110, the control unit may again repeatedly retrieve time information from the time server 116. Each time the control unit retrieves time information from the time server 116, it compares the time specified in the time information with the stored time and locks the protected data again when the difference between these times exceeds the time period specified by the user.
- the security mechanism may be the same as in the embodiments described before.
- control unit may lock the memory 104, if no time information can be retrieved from the time server 116, if the retrieved time information cannot be authenticated successfully and if time information received from the time server 116 specifies an earlier or the same time than time information received before.
- the control unit utilises a time counter of the memory card 102 for determining, whether the time period has lapsed.
- the time counter is started, after the memory card 102 has been inserted into the terminal 110.
- the control unit determines that the time period has lapsed and locks the protected data again against access from outside the memory card 102.
- the control unit locks the protected data if the point in time has been reached or if the time period has lapsed depending on which event occurs first. This means, that the protected is locked, when the point in time is reached even in case the time period has not lapsed yet. Furthermore, the protected data is locked, when the time period has lapsed, if the specified point in time has not been reached yet.
- the memory card 102 may provide a group management. If the card owner wants to make only one or more selected groups of protected data accessible, he may specify such groups together with the point in time up to which the data is made accessible or together with the time period for accessing the data. The specified groups are memorized in the control unit and the control unit does not allow access to other groups of protected data when the memory card 102 is inserted into the card reader unit 108 of the terminal 110.
- a further security mechanism may be provided for protecting the data in the memory card 102.
- allowing access to the protected data may additionally require that a password or other credential is entered into the terminal 110 and is verified by the control unit.
- the password or credential may be provided to the user of the terminal 110 by the card owner.
- the time limit for accessing the data prevents that he user of the terminal 110 access the data to a greater extent than intended by the card owner.
- the user of the terminal 110 cannot access the protected data without the card owner's permission when he obtains the memory card 102 a second time after having received the credential together with the memory card 102 before.
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Claims (10)
- Verfahren zum Gewähren eines Zugriffs auf Daten, die in einer Speicherkarte (102) sicher gespeichert sind, wobei das Verfahren die folgenden Schritte umfasst:- Spezifizieren erster Zeitinformationen, die einer Zeitdauer entsprechen, und Speichern der ersten Zeitinformationen in der Speicherkarte (102);- Einführen der Speicherkarte (102) in ein Endgerät (110);- Bestimmen, ob die Zeitdauer verstrichen ist, in einer in der Speicherkarte (102) enthaltenen Steuereinheit, und- Zulassen, dass das Endgerät (110) auf die Daten zugreift, bis bestimmt wird, dass die Zeitdauer verstrichen ist,dadurch gekennzeichnet, dass das Endgerät (110) zulässt, dass sich die Steuereinheit über eine durch das Endgerät (110) bereitgestellte Netzverbindung mit einem Netzserver (116) verbindet und von einer in dem Netzserver (116) enthaltenen Uhreinheit zweite Zeitinformationen ausliest, die eine gegenwärtige Zeit spezifizieren, wobei die zweiten Zeitinformationen zum Bestimmen, ob die Zeitdauer verstrichen ist, verwendet werden.
- Verfahren nach Anspruch 1, bei dem die von der Uhreinheit ausgelesenen Zeitinformationen Authentisierungsinformationen, insbesondere eine digitale Signatur, die in der Steuereinheit überprüft wird, umfassen.
- Verfahren nach Anspruch 1 oder 2, bei dem die ersten Zeitinformationen einen Zeitpunkt spezifizieren und bei dem die Steuereinheit auf der Grundlage einer Zeitdifferenz zwischen dem spezifizierten Zeitpunkt und der in den zweiten Zeitinformationen spezifizierten gegenwärtigen Zeit bestimmt, ob die Zeitdauer verstrichen ist.
- Verfahren nach Anspruch 3, bei dem die Steuereinheit die zweiten Zeitinformationen aus der Uhreinheit wiederholt ausliest, während die Speicherkarte (102) in das Endgerät (110) eingeführt ist, und bei dem die Steuereinheit jedes Mal, nachdem die zweiten Zeitinformationen ausgelesen worden sind, bestimmt, ob die Zeitdauer verstrichen ist.
- Verfahren nach Anspruch 3, bei dem die Steuereinheit bestimmt, dass die Zeitdauer verstrichen ist, wenn ein Zeitzähler in der Speicherkarte (102) angibt, dass die Zeitdifferenz verstrichen ist, wobei der Zähler gestartet wird, nachdem die Speicherkarte (102) in das Endgerät (110) eingeführt worden ist.
- Verfahren nach Anspruch 1 oder 2, bei dem die ersten Zeitinformationen die Zeitdauer spezifizieren.
- Verfahren nach Anspruch 6, bei dem die Steuereinheit bestimmt, dass die Zeitdauer verstrichen ist, wenn ein Zeitzähler in der Speicherkarte (102) angibt, dass die Zeitdauer verstrichen ist, wobei der Zähler neu gestartet wird, nachdem die Speicherkarte (102) in das Endgerät (110) eingeführt worden ist.
- Verfahren nach Anspruch 6, bei dem die Steuereinheit die in den zweiten Zeitinformationen spezifizierte Zeit speichert, wenn sie die zweiten Informationen erstmals ausliest, wobei die Steuereinheit die zweiten Zeitinformationen aus der Uhreinheit wiederholt ausliest und wobei die Steuereinheit aufgrund eines Vergleichs der Zeitdauer und einer Zeitdifferenz zwischen der gespeicherten Zeit und der in den zuletzt ausgelesenen zweiten Zeitinformationen spezifizierten gegenwärtigen Zeit bestimmt, ob die Zeitdauer verstrichen ist.
- Speicherkarte (102) zum sicheren Speichern von Daten darin, wobei die Speicherkarte (102)- zum Empfangen erster Zeitinformationen, die einer Zeitdauer entsprechen, und zum Speichern der ersten Zeitinformationen ausgelegt ist, und- eine Steuereinheit umfasst, die dafür konfiguriert ist zu bestimmen, ob die Zeitdauer verstrichen ist, und zuzulassen, dass ein Endgerät (110) auf die Daten zugreift, bis bestimmt wird, dass die Zeitdauer verstrichen ist, während die Speicherkarte (102) in das Endgerät (110) eingeführt ist,dadurch gekennzeichnet, dass die Steuereinheit zum Verbinden mit einem Netzserver (116) über eine durch das Endgerät (110) bereitgestellte Netzverbindung, während die Speicherkarte (102) in das Endgerät (110) eingeführt ist, und zum Auslesen zweiter Zeitinformationen, die eine gegenwärtige Zeit spezifizieren, aus einer in dem Netzserver enthaltenen Uhreinheit ausgelegt ist, wobei die zweiten Zeitinformationen zum Bestimmen, ob die Zeitdauer verstrichen ist, verwendet werden.
- System, das eine Speicherkarte (102) nach Anspruch 9 umfasst und das ferner ein Endgerät (110) zum Aufnehmen der Speicherkarte (102) umfasst.
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
ES08017900T ES2400165T3 (es) | 2008-10-13 | 2008-10-13 | Procedimiento para proporcionar un acceso controlado a una tarjeta de memoria y tarjeta de memoria |
EP08017900A EP2175455B1 (de) | 2008-10-13 | 2008-10-13 | Verfahren für den kontrollierten Zugriff auf eine Speicherkarte und Speicherkarte |
US12/577,320 US9524401B2 (en) | 2008-10-13 | 2009-10-12 | Method for providing controlled access to a memory card and memory card |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP08017900A EP2175455B1 (de) | 2008-10-13 | 2008-10-13 | Verfahren für den kontrollierten Zugriff auf eine Speicherkarte und Speicherkarte |
Publications (2)
Publication Number | Publication Date |
---|---|
EP2175455A1 EP2175455A1 (de) | 2010-04-14 |
EP2175455B1 true EP2175455B1 (de) | 2012-12-12 |
Family
ID=40361433
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP08017900A Active EP2175455B1 (de) | 2008-10-13 | 2008-10-13 | Verfahren für den kontrollierten Zugriff auf eine Speicherkarte und Speicherkarte |
Country Status (3)
Country | Link |
---|---|
US (1) | US9524401B2 (de) |
EP (1) | EP2175455B1 (de) |
ES (1) | ES2400165T3 (de) |
Families Citing this family (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8806198B1 (en) * | 2010-03-04 | 2014-08-12 | The Directv Group, Inc. | Method and system for authenticating a request |
US9654829B1 (en) | 2010-03-04 | 2017-05-16 | The Directv Group, Inc. | Method and system for retrieving data from multiple sources |
US9634640B2 (en) | 2013-05-06 | 2017-04-25 | Qualcomm Incorporated | Tunable diplexers in three-dimensional (3D) integrated circuits (IC) (3DIC) and related components and methods |
US9264013B2 (en) | 2013-06-04 | 2016-02-16 | Qualcomm Incorporated | Systems for reducing magnetic coupling in integrated circuits (ICS), and related components and methods |
US9172418B1 (en) * | 2014-05-30 | 2015-10-27 | Qualcomm Incorporated | User identity module protocol switch |
CN107466087B (zh) * | 2016-06-03 | 2020-06-30 | 中国移动通信有限公司研究院 | 一种网络搜索方法及移动终端 |
CN109599155A (zh) * | 2018-12-10 | 2019-04-09 | 上海新储集成电路有限公司 | 一种应用于医疗数据中心的智能服务系统及方法 |
Family Cites Families (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH07200767A (ja) * | 1993-12-28 | 1995-08-04 | Mitsubishi Electric Corp | メモリカード |
JPH0823315A (ja) * | 1994-07-08 | 1996-01-23 | Sony Corp | 情報提供システム |
US6728851B1 (en) * | 1995-07-31 | 2004-04-27 | Lexar Media, Inc. | Increasing the memory performance of flash memory devices by writing sectors simultaneously to multiple flash memory devices |
US7702831B2 (en) * | 2000-01-06 | 2010-04-20 | Super Talent Electronics, Inc. | Flash memory controller for electronic data flash card |
US20030155417A1 (en) * | 2002-02-15 | 2003-08-21 | Sony Corporation | Content vending machine using IEEE 1394 |
US6862666B2 (en) * | 2002-05-16 | 2005-03-01 | Sun Microsystems, Inc. | Hardware assisted lease-based access to memory |
US20050027938A1 (en) * | 2003-07-29 | 2005-02-03 | Xiotech Corporation | Method, apparatus and program storage device for dynamically resizing mirrored virtual disks in a RAID storage system |
US20070021141A1 (en) | 2003-10-16 | 2007-01-25 | Kaoru Yokota | Record carrier, system, method and program for conditional access to data stored on the record carrier |
JP4746442B2 (ja) * | 2006-02-24 | 2011-08-10 | 株式会社東芝 | 端末装置 |
KR20090109345A (ko) * | 2008-04-15 | 2009-10-20 | 삼성전자주식회사 | 저항체를 이용한 비휘발성 메모리 장치, 이를 포함하는메모리 시스템 |
ES2401358T3 (es) * | 2008-10-13 | 2013-04-18 | Vodafone Holding Gmbh | Procedimiento y terminal para proporcionar acceso controlado a una tarjeta de memoria |
TW201019113A (en) * | 2008-11-06 | 2010-05-16 | Genesys Logic Inc | Authenticable USB storage device and method thereof |
-
2008
- 2008-10-13 EP EP08017900A patent/EP2175455B1/de active Active
- 2008-10-13 ES ES08017900T patent/ES2400165T3/es active Active
-
2009
- 2009-10-12 US US12/577,320 patent/US9524401B2/en active Active
Also Published As
Publication number | Publication date |
---|---|
ES2400165T3 (es) | 2013-04-08 |
US20100095063A1 (en) | 2010-04-15 |
EP2175455A1 (de) | 2010-04-14 |
US9524401B2 (en) | 2016-12-20 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10142114B2 (en) | ID system and program, and ID method | |
US8572392B2 (en) | Access authentication method, information processing unit, and computer product | |
US9524401B2 (en) | Method for providing controlled access to a memory card and memory card | |
US6460138B1 (en) | User authentication for portable electronic devices using asymmetrical cryptography | |
EP3382587B1 (de) | Identitätsauthentifizierung unter verwendung eines strichcodes | |
TW201003572A (en) | Systems and methods for accessing a tamperproof storage device in a wireless communication device using biometric data | |
EP1805685A1 (de) | Tragbares speichergerät und datenaustauschverfahren | |
US8700848B2 (en) | Data exchange between protected memory cards | |
US8464941B2 (en) | Method and terminal for providing controlled access to a memory card | |
US8931080B2 (en) | Method and system for controlling the execution of a function protected by authentification of a user, in particular for the access to a resource | |
US20050138303A1 (en) | Storage device | |
JP2007115136A (ja) | Icカード、および、icカードプログラム | |
RU2573235C2 (ru) | Система и способ проверки подлинности идентичности личности, вызывающей данные через компьютерную сеть | |
JP4760124B2 (ja) | 認証装置、登録装置、登録方法及び認証方法 | |
JP4601498B2 (ja) | 認証装置、認証方法、その方法を実現するプログラム、およびそのプログラムを記録した記録媒体 | |
US20100125706A1 (en) | Provision of data stored in a memory card to a user device | |
WO2001082167A1 (en) | Method and device for secure transactions | |
GB2556625A (en) | Secure enrolment of biometric data | |
WO2007099717A1 (ja) | データ処理システムおよび可搬型メモリ | |
JP2005251215A (ja) | 個人認証システム、個人認証方法及びコンピュータプログラム | |
WO2019161887A1 (en) | Secure enrolment of biometric data | |
JP2004185255A (ja) | 個人情報管理及び生体認証を兼ね備えたフロッピー(登録商標)ディスク型生体情報認証装置 | |
JP2023179334A (ja) | 認証方法、認証システム、携帯情報機器、認証装置 | |
JP2004096554A (ja) | 公開鍵暗号処理システムおよび方法 | |
EVANGELISTA | Security Target SOMA801STM Electronic Passport |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MT NL NO PL PT RO SE SI SK TR |
|
AX | Request for extension of the european patent |
Extension state: AL BA MK RS |
|
17P | Request for examination filed |
Effective date: 20101011 |
|
17Q | First examination report despatched |
Effective date: 20101108 |
|
AKX | Designation fees paid |
Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MT NL NO PL PT RO SE SI SK TR |
|
GRAP | Despatch of communication of intention to grant a patent |
Free format text: ORIGINAL CODE: EPIDOSNIGR1 |
|
GRAS | Grant fee paid |
Free format text: ORIGINAL CODE: EPIDOSNIGR3 |
|
GRAA | (expected) grant |
Free format text: ORIGINAL CODE: 0009210 |
|
AK | Designated contracting states |
Kind code of ref document: B1 Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MT NL NO PL PT RO SE SI SK TR |
|
REG | Reference to a national code |
Ref country code: GB Ref legal event code: FG4D |
|
REG | Reference to a national code |
Ref country code: CH Ref legal event code: EP |
|
REG | Reference to a national code |
Ref country code: AT Ref legal event code: REF Ref document number: 588665 Country of ref document: AT Kind code of ref document: T Effective date: 20121215 |
|
REG | Reference to a national code |
Ref country code: IE Ref legal event code: FG4D |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R096 Ref document number: 602008020732 Country of ref document: DE Effective date: 20130207 |
|
REG | Reference to a national code |
Ref country code: ES Ref legal event code: FG2A Ref document number: 2400165 Country of ref document: ES Kind code of ref document: T3 Effective date: 20130408 |
|
REG | Reference to a national code |
Ref country code: NL Ref legal event code: T3 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: FI Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20121212 Ref country code: LT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20121212 Ref country code: SE Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20121212 Ref country code: HR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20121212 Ref country code: NO Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20130312 |
|
REG | Reference to a national code |
Ref country code: AT Ref legal event code: MK05 Ref document number: 588665 Country of ref document: AT Kind code of ref document: T Effective date: 20121212 |
|
REG | Reference to a national code |
Ref country code: LT Ref legal event code: MG4D |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: SI Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20121212 Ref country code: LV Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20121212 Ref country code: GR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20130313 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: SK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20121212 Ref country code: IS Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20130412 Ref country code: EE Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20121212 Ref country code: CZ Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20121212 Ref country code: BE Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20121212 Ref country code: AT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20121212 Ref country code: BG Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20130312 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: PT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20130412 Ref country code: RO Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20121212 Ref country code: PL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20121212 |
|
PLBE | No opposition filed within time limit |
Free format text: ORIGINAL CODE: 0009261 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: DK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20121212 |
|
26N | No opposition filed |
Effective date: 20130913 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: CY Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20121212 |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R097 Ref document number: 602008020732 Country of ref document: DE Effective date: 20130913 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: MC Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20121212 |
|
REG | Reference to a national code |
Ref country code: CH Ref legal event code: PL |
|
REG | Reference to a national code |
Ref country code: IE Ref legal event code: MM4A |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: CH Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20131031 Ref country code: LI Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20131031 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: IE Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20131013 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: TR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20121212 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: LU Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20131013 Ref country code: HU Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT; INVALID AB INITIO Effective date: 20081013 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: MT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20121212 |
|
REG | Reference to a national code |
Ref country code: FR Ref legal event code: PLFP Year of fee payment: 8 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: IT Payment date: 20151028 Year of fee payment: 8 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: ES Payment date: 20151028 Year of fee payment: 8 |
|
REG | Reference to a national code |
Ref country code: FR Ref legal event code: PLFP Year of fee payment: 9 |
|
REG | Reference to a national code |
Ref country code: FR Ref legal event code: PLFP Year of fee payment: 10 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: IT Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20161013 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: ES Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20161014 |
|
REG | Reference to a national code |
Ref country code: FR Ref legal event code: PLFP Year of fee payment: 11 |
|
REG | Reference to a national code |
Ref country code: ES Ref legal event code: FD2A Effective date: 20181126 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: NL Payment date: 20231019 Year of fee payment: 16 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: GB Payment date: 20231020 Year of fee payment: 16 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: FR Payment date: 20231024 Year of fee payment: 16 Ref country code: DE Payment date: 20231020 Year of fee payment: 16 |